Josh

I'm a developer in Melbourne, Australia, and co-founder of Hello Code.

Published Fri 09 August 2019

← Home

Thought experiment: could people run their own home email server?

I've been kicking around this idea for a while. I think I'd like to see it exist, but I don't want to do it myself, so I'd like to get others thinking about it too.

The premise

There are lots of reasons why it's risky to let someone host your email. Email is highly valuable data, and often at the core of our online identities. Even if you trust your email provider to secure your data and never have a security breach, do you trust them to respect your privacy? Gmail scrapes purchases you've made from your emails, for example, but you just have to trust that this isn't used to advertise to you.

Gmail is a good example of how the web has increasingly become centralised around a few big players. Even though email is a perfect example of a decentralised protocol—there's no clear advantage to picking a big player, your email will get to you no matter who hosts it—Gmail commands a 53% market share in the US. When we give a few large companies this much power, they can act to further their hold over the market and stop these open protocols from being so open. For example, if Google ever decide they're only going to support a certain rich text email format they invented themselves, their command of the email market is such that everyone else would have no choice but to go along with it.

People choose big services because it's easy, I get it. Even if you do have the technical means to run your own email server, it's a lot more hassle than just signing up for Gmail. The path of least resistance is to let someone else do it all for you. You gain more time and spend less effort, and they gain access to the contents of every email you send and receive.

But what if we could reduce that friction and make it easy, maybe even more pleasant, to host your own email? You could do it in your own house, off your home internet connection, using a tiny home server appliance.

Speed wouldn't be an issue. While you're at home and on the same network, it'd be faster than any other service. I'm not sure how slow it'd feel outside of the house, but if you're not roaming outside the same continent, it probably wouldn't be too bad. Home internet in many countries is quite fast these days, much better than ADSL speeds. Upload speeds vary and are often a lot lower (my current plan here in Australia is 50mbps down and "up to" 20mbps up), but generally they're fast enough for low bandwidth uses like this.

Email server software is both a solved problem, which means a lack of bugs to worry about, and fairly resource-cheap, which means a small, cheap computer is enough to run it. This is ideal for our purposes.

If this setup worked out nicely, there's no reason why it couldn't be extended to hosting your own blog, Mastodon instance, or really anything else that doesn't need to be centralised. I'd love to see a world in which more people hosted their own weird and wonderful sites and social networks.

I don't see why folks couldn't host their older and less tech-savvy friends and relatives on their own server, too, bringing them the same benefits even though they might not have made that choice themselves.

The approach

Firstly, this whole idea is not really about making money, but about making it easier for folks to reclaim their data and level the playing field. So I'd start by setting the whole thing up as a not-for-profit organisation. But that's just me.

I'd create an open-source software bundle containing the email server, configuration interface, and anything else required. Maybe it's a docker container, whatever. I'd make it publicly available so folks with the technical means can run it without buying anything.

For everyone else, I'd sell a basic hardware appliance, a tiny computer with wifi and an ethernet port. I'd charge a one-off amount for the hardware plus a yearly software subscription fee, using that model where users get updates so long as they're subscribed, and if they stop, everything keeps working but without updates. The updates would have to be entirely automated, because if they relied on end-user intervention they just wouldn't happen.

Part of the solution would be to provide a centralised dynamic DNS service so folks have a static, publicly accessible domain for their email that updates to always point to their new home server's IP address. This is about all the central server would provide, aside from software updates.

I'd set up the software in such a way that its central server URL can be configured to wherever you like, so you can use a competing variant if you prefer, or switch to someone else's fork if the original project disappears. With the rise of IoT devices we've seen perfectly good hardware failing because it can no longer talk to its hardcoded host service, so it's important to prevent this.

So how does that sound? I think it's an intriguing idea, but there are also plenty of easy to spot downsides. Let me now list them for you.

The downsides

First, it doesn't sound particularly profitable. Sure, there's more appetite for this sort of thing lately, but the whole approach is more about values than profit, and there's probably not that big a market, so it might not be a sustainable endeavour overall. I don't know anything about selling this sort of hardware to consumers, but I bet it's a pain in the arse too, especially the tech support. And to be honest here: would anyone really buy one?

Secondly, users would see some unavoidable downsides, like switching to a different (and perhaps less enjoyable) web interface for their email, and probably worse spam filtering. There'd have to be some effort made on the UX side of things to make the experience of actually receiving and reading email pleasant. I've not evaluated open-source email web clients to know if something good enough already exists.

One of the selling points is for users to avoid privacy and security breaches by bringing their data in-house, as it were, but how do you keep all these home servers secure and up-to-date? You're exposing a device on a home network to the internet, and we know how well that works with IoT devices. If you weren't able to secure them, they'd be a huge target for hackers. That sort of risk is not fun.

I see an issue with the subscription-based model as well, as unpatched servers with lapsed subscriptions would still be an issue for the service, even though it's the users' fault. Perhaps the updates would have to be free? This obviously tips the scales further towards unsustainability.

Is it possible to set up the DDNS and "update server" services in a way that doesn't expose any user data? You don't want them receiving and forwarding on each email and thus MITMing users. Does this mean the only option is that each home server needs its own domain name, too? That's not terrible but it makes it trickier to set up initially, and perhaps less accessible to ordinary folks (more hassle, another recurring cost...). Would subdomains on the service provider be enough, e.g. me@joshsharp.homeemail.org?

On a related point, can we actually expose the correct ports for IMAP/POP/SMTP over a home internet connection? Some ISPs may block them.

Finally, it's hard to know without trying it out, but the speed and performance of this setup when outside of your house might actually be unpleasant. As mentioned earlier, there might be other UX factors that are deal-breakers too. The idea is to improve things without adding friction, so if the experience is worse people will just stick to using Gmail and Hotmail.

Could this work?

People probably don't need to host their email and/or blog out of their home, I just like the idea of it. It's probably too much work for not enough gain, but you never know. Thanks for entertaining the thought.

To top